Social Media Policies: Why have them, and what should they cover?

May 29, 2013

The Internet and Social Media have rapidly become indispensable tools for networking, productivity, and information gathering and sharing as used by people from all ages, stages in life or work, and nations.

What is Social Media?

Having developed to fulfill the above roles, resulting online communities of avid users have developed into global multilingual, multicultural, and multidisciplinary social mediums (plural “media”) for:

Cloud applications (software, infrastructure, platform, security, and other “as a service” offerings in some or all the above, eGovernance, and public, private, and hybrid clouds;

and many other distinct offerings and versions for such online community activities now known and/or yet to become well known. In sum, however, these are all mediums or platforms and utilities through which people, being social, may responsibly interact in a way that “enriches” society.

Why should its use be governed?

Responsible and proper use of the Internet and Social Media “E.N.R.I.C.H.E.S.” our society; i,e, it:

Educates,

Negates falsehoods, and both enables and enhances

Relationships,

Introductions,

Commerce,

Help and assistance and self-help,

Expression, and

Social and national security.

However, as with most if not all things, there is a potential downside to online community participation. Businesses with employees and contractors all need to ensure that their workers are not getting themselves and their employer (or principal in the case of agents), into legal problems or embarrassing situations as a result of their online activities. As a result, employers should develop and enforce robust social media usage policies that more closely address the unique qualities of these online communities, as online communities (site terms of use, internal employee policies, and generalized rules), and not just the generic “social media”. One way to do this is to divide the policy, after a good preamble, into 4 (“four”) parts: (i) “Please” rules; (ii) “Don’t” rules; (iii) “Always Appreciate” rules; and (iv) “Affirmations and Signatures”. These categories need not appear in the order given, and they may be mixed and matched.

What these rules might cover?

“Please” Rules.

Depending upon the mix of internal (intranets) and external (news and articles commentary) social media considered, the employer should remind employees to be respectful and responsible in their online activities, to use disclaimers so as to prevent attribution to their employer of any personal comment or action when not specifically authorized, and to use good judgment and avoid underhanded actions. The employer should also ask employees to remember their day jobs and consider how their actions outside the workplace “may” impact upon any or all of them, their employer, their employer’s business and reputation, and their employer’s customers. Also, the employer might remind site users and employees to clearly identify their sources when possible and advisable, including with hyperlinks; as well as a reminder to comply with (and not use the social media platform in an effort to circumvent or violate), any legal compulsion under which they must act in a certain way, or any lawful document by which they are bound, such as any court order, consent order or settlement agreement, injunction, or restraining order

“Don’t” Rules.

These rules will revolve around actions beyond simple decorum, to include a host of specific prohibitions against online IP infringement, a bar on criminality and all forms of stalking, or sexual or other harassment or bullying, and a further prohibition on any breach through use of online interaction to breach applicable internal data retention policies, or protections for client confidentiality, privacy, and proprietary employer information. Advisories to avoid personal attacks and offensive language, as well as defamation, would also be in order. In the absence of a BYOD policy, the employer may also bar the use of work devices for personal reasons, including by barring access to certain sites or by implementing some monitoring regimes, with advance notice, of course. This group of rules will also limit or bar the installation of third-party programmes, software or utilities, without advance approval from designated employer personnel; impose restrictions or bars on anonymizing postings and other participation; and issue a blanket prohibition on circumventing any site or employer security protocols or programs.

“Always Appreciate” Rules.

These will include notifications of how online behavior is tracked and include a consent to monitoring by their use, as well as an explanation of the use of cookies – both standard and persistent, in accordance with applicable laws and regulations. Online community members and employees should also be reminded to always appreciate the permanency of their online activities and postings, and the interplay of different policies – such as anti-harassment and anti-sexual harassment, human rights, confidentiality, and applicable codes of conduct to include professional conduct through professional licensing bodies. This group of rules should also encourage recognizing the value of accuracy in commentary, the desirability of respecting alternate viewpoints in online dialogues, the advisability of not pretending to be an expert and inviting embarrassment when the true experts chime-in, and the benefits to peace of mind and avoiding open hostility in staying away from controversial topics. The employer will also draw attention to the complaints escalation policy and any alternate dispute resolution mechanisms that it prefers or mandates for members of its workforce, any or all of the online communities that it hosts, or both of these.

Affirmations, Disclaimers, and Signatures.

Here, the user or member of that social medium – whether or not an employee – should be invited as a condition of use and membership, to clearly acknowledge the fact that any user breaching the usage policy, applicable law, or company rules and regulations is sanctionable up to and including cessation of privileges and termination of employment as applicable; as well as a notification that the employer or forum host reserves the right to proceed against them in a suit at law or in equity to recover any or all of its costs incurred to defend itself in any legal or regulatory matter, or the proceeds of any settlement it paid and legal fees, or its reputation, actually or allegedly emanating from that user or member’s conduct. All users and members must also affirm that they are of a jurisdictional age to use the social medium in the first place, that they will maintain the confidentiality and control of their accounts and log-on credentials, and where appropriate, that they will not directly breach or permit the breach through third party use of their accounts or credentials, of specific laws of concern to that community. These may include: obscenity and pornography restrictions; child pornography as a separate and distinct carve-out; terrorist activity; hate crimes; and money-laundering. Also, in addition to the standard and weighty disclaimers of the site host and/or employer, and somewhere in the entire policy, the employer – if based in the United States or otherwise touched by United States’ law and the National Labor Relations Act (NLRA), should include a guarantee of protected “concerted activity”, such as employee rights to free discussion in social media of their terms and conditions of work, to organize or unionize and discuss such issues, and to bargain collectively through their own chosen representatives, all without fear or threat of termination or other punishment. Finally, somewhere in the policy, there should be discussion of what the employer or medium host would like to feel free to do with, to, or through user accounts in the case of a generally-defined or specifically-named (general always gives more leeway), emergency situation.

Summary.

Due to the wide use and ubiquity of social media and the “tri-screen convergence”[1] that it continues to foster, these rules must be carefully crafted to identify and address the specific audience for each rule or each subrule, whether: (i) employees using an employer-hosted or employer-sponsored site; (ii) employees on their own time or during work time, but using other sites; (iii) non-employees using the employer-hosted or employer-sponsored site. Of course, separate policies may be developed, e.g.: (a) Social Media Policy; (b) Code of Conduct & Confidentiality Policy; (c) Online Community Usage Policy, as appropriate, and intertwined with cross-referencing. A Data Retention Policy should also be disclosed, as it covers all users, along with a summary of the policy carve-outs or other procedures that might come into play when dealing with internal investigations, discipline and ongoing compliance monitoring, and requests for law enforcement assistance. A single and all-encompassing policy may also be used with separate sub-headings and carve-outs for these, where inapplicable to a specific audience as here identified. However, that is a matter of entity-specific choice, and diverse new offerings will challenge established thought leadership on the best or most appropriate way to devise and deliver “any” policy.[2]

In any case, social media policies should be comprehensive, but they need not be unduly convoluted. Once you have the basics, you can build on it and go as deep as you want to for each sub-element. Remember, it does not hurt to get advice from legal counsel as the field is fraught with traps, and many areas of law need to be considered and factored-in, to properly blend and balance-out the end-product.

Ekundayo George is a sociologist and a lawyer, with over a decade of legal experience including business law and counseling (business formation, outsourcing, commercial leasing, healthcare privacy, Cloud applications, social media, eCommerce, and Cybersecurity); diverse litigation, as well as ADR; and regulatory practice (planning and zoning, environmental controls, landlord and tenant, and GRC – governance, risk, and compliance investigations, audits, and counseling) in both Canada and the United States. He is licensed to practice law in New York, New Jersey, and Washington, D.C. Please See: http://www.ogalaws.com

He is an experienced strategic and management consultant; sourcing, managing, and delivering on high stakes, strategic projects with multiple stakeholders and multidisciplinary teams. Please See: http://www.simprime-ca.com

Backed by courses in management, organizational behaviour and micro-organizational behaviour, and a Certificate in Field Security from the United Nations Department of Safety and Security (UNDSS), in New York, Mr. George is also a writer, tweeter and blogger (as time permits), and a published author in Environmental Law & Policy (National Security aspects).

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”), in whole or in part for their content, or their accuracy, or their availability.

This article does not constitute legal advice or create any lawyer-client relationship.

[1] Individuals can now use one device to watch a movie (formerly and exclusively done in the theatre or on a television), get news updates (formerly done through the radio, television, or print media), and get in touch with friends and family or businesses and business associates (formerly done through a fixed line at home, in the office, or in a telephone booth). Now, the TV screen, the computer screen, and the laptop screen, can all be melded into a smartphone that is portable, always on (battery power and novel charging methods allowing), and can translate.